Running cgi-scripts (python) as root? (maybe suexec?)

I for the life of me can't get my webserver to run a python script correctly as root... obviously there is big security concerns but this python scripts runs on scapy which requires promiscuous access on the ethernet interfaces to fire and receive packets so I need root.

I see two options from reading online-

1) I can run the whole webserver as root, which is a big security hole, even the flag to enable this has a funny name but I can't even get this to work... I downloaded a recent version of httpd (whole thing, not just binaries) then did a->

env CFLAGS="-Wall -DBIG_SECURITY_HOLE" ./configure
then a #make then a #make install

which didn't work it still came up with the error (when i set user and group to root) the error

Code:

Syntax error on line 228 of /etc/httpd/conf/httpd.conf:
Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n

which sounds awesome, but now after a day of wasting time I can't even find a great example... and I am not sure this will allow root anyway, maybe just another user.... is this the way to go? has someone had this type of problem before?

In the past when I've needed to do something like this I generally write a wrapper program in C for my script and then use the SUID bit on the C program to make it run as root. You just need to know enough C to handle the input and output of the script.

Can you not run the script as some limited user that's part of (that one user group that allows network access) group?

I have been trying that it does not seem to work, someone on the scapy mailer gave me some 'patch' that might a regular user to do the functions I want... I am cloning the virtual machine right now b/c i don't want to ruin my program and environment before I start editing every little file....

In the past when I've needed to do something like this I generally write a wrapper program in C for my script and then use the SUID bit on the C program to make it run as root. You just need to know enough C to handle the input and output of the script.

do you have any good resources I can read up on the SUID bit? and maybe an example c program? this might be the way I have to go I am trying a scapy patch right now that might make it act more normal (and run w/o root)

It will always run as the root user, regardless of who is actually running it.

To clarify that, su always runs as the root user because the su binary is owned by the root user. The setuid bit causes the program to always run as the user who owns the binary; thus, if you want your program to run as root, root must be the owner of the binary.